909fdfeef66f20a0ce6275b334f8eec552f50222c0acb9f759f01a2c8c418d4b | Triage

Sharing

General

Target

Cryptic Installer.exe
Size

12.1MB
Sample

250227-db288s11hw
MD5

26115ce9c0aa825be82c500004825308
SHA1

0883c65e4c063b61647865d58cd3a3d46324365b
SHA256

909fdfeef66f20a0ce6275b334f8eec552f50222c0acb9f759f01a2c8c418d4b
SHA512

1368efd81bd46c02703e39008b19635ebd3c9ea98b32d7ac3b90f11b09c286d9b45511dd1aee3e9f6998ee7ecb7f81c9f2cdb9ccea142cf09cdc6ebbaa5882d4
SSDEEP

98304:b1FLZ04/tavoCAifjWKqgpvlYFDU2f8u06rA7BxMooQlititz12d:XT/taACAiCWvlYr8u0JrgQli6

Score

8^/10

defense_evasion discovery execution trojan

Malware Config

Targets

- Target
  
  Cryptic Installer.exe
- Size
  
  12.1MB
- MD5
  
  26115ce9c0aa825be82c500004825308
- SHA1
  
  0883c65e4c063b61647865d58cd3a3d46324365b
- SHA256
  
  909fdfeef66f20a0ce6275b334f8eec552f50222c0acb9f759f01a2c8c418d4b
- SHA512
  
  1368efd81bd46c02703e39008b19635ebd3c9ea98b32d7ac3b90f11b09c286d9b45511dd1aee3e9f6998ee7ecb7f81c9f2cdb9ccea142cf09cdc6ebbaa5882d4
- SSDEEP
  
  98304:b1FLZ04/tavoCAifjWKqgpvlYFDU2f8u06rA7BxMooQlititz12d:XT/taACAiCWvlYr8u0JrgQli6
Score

8^/10

defense_evasion discovery execution trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks whether UAC is enabled
  defense_evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutiontrojan